The Biggest Crypto Exchange Hacks - COIN360
May 09  |  12 min read

Top 7 Crypto Exchange Hacks

The COIN360 Editorial Team

Crypto exchanges have always been a magnet for hackers. They often have to store billions of dollars, but their security measures do not always correspond with this great responsibility. Last year saw the biggest crypto exchange hack so far, the hack of Coincheck, and 2019 has already brought some unpleasant surprises.

The latest Binance hack made us remember other infamous incidents of that kind. This article will tell you about the 7 biggest crypto exchange hacks, their estimated losses, possible causes, and consequences.

Coincheck: the Biggest Crypto Exchange Hack of All Time

Exchange: Coincheck
Date: Jan. 26, 2018
Stolen funds: 500M NEM tokens (approx. $530M at that moment)
Possible causes: storing tokens in a single hot wallet; not using the NEM Multisig Contract Smart Signing App recommended by the token’s developers.
Consequences: NEM price dropped by 43%; Coincheck relaunched and is now operating under Japan’s FSA license.

How Did It Happen?

On Jan. 26, 2018, Coincheck published a blog post announcing that deposits and withdrawals of the NEM token were restricted on the platform. Later, the post was updated several times with more restrictions, suspending almost all payments on the exchange, including deposits. Coincheck was one of the largest cryptocurrency exchanges in Japan in terms of Bitcoin trade volume at that time, so the news spread rapidly. Speculation arose that there had been a hack, and regretfully, this appeared to be true.

On that same day, Coincheck’s leaders held a press conference confirming the hack and revealing the amount of funds stolen: 500 million NEM (XEM) tokens, approximately $530M at that time. Affecting 260,000 users, it became the largest crypto exchange hack in history, surpassing that of Mt. Gox in 2014.

Coincheck CEO and president Koichiro Wada and COO Yusuke Otsuka apologize for the incident.

NEM developers claimed that the NEM protocol was fully secure, and blamed Coincheck for not using the recommended Multisig Contract Smart Signing App. It was built as an additional security layer and required multiple signatures to send large transactions. Coincheck also admitted that they stored all of the NEM tokens in a single hot wallet, which made them highly vulnerable. According to later research, Coincheck staff members received virus-infected emails allowing hackers to steal the private key.

What Were the Consequences?

The price of NEM went down soon after the hack, and within a week it was trading at $0.58, a 43% drop from $1.02 on Jan. 26. At press time, the price is $0.05, though this probably isn’t a delayed effect of the hack and is instead mostly due to the extended bear market in 2018.

Coincheck kept their promise to compensate for losses, and on Mar. 13, 2018, all 260,000 users got their funds back. The total refund amount was $435M, because the token’s price in March was lower than in January. Coincheck claimed that they used the company’s own money for the refund.

Coincheck was inspected by Japan’s Financial Services Agency (FSA), and filed a report on the incident. The FSA used the infamous hack as grounds to inspect other Japanese crypto exchanges as well. The FSA sent business improvement orders to seven of them and temporarily halted two more.

Surprisingly, Coincheck was able to overcome the crisis, was acquired by Monex Group, and finally got a license from the FSA. Now it is a regulated crypto exchange, subject to anti-money laundering (AML) and know-your-customer (KYC) rules, with an average daily volume of $19M.

Mt. Gox: the Largest Bitcoin Theft

Exchange: Mt. Gox
Date: Feb. 7, 2014
Stolen funds: 850,000 BTC (approx. $473M at that moment)
Possible causes: storing BTC in a hot wallet; security breach allowing the theft of the private key.
Consequences: Bitcoin price dropped by 33%; Mt. Gox was declared bankrupt.

How Did It Happen?

On Feb. 7, 2014, Mt. Gox halted all Bitcoin withdrawals citing a bug in the Bitcoin software that allowed the alteration of transaction details. Ten days later, the exchange introduced new security measures and promised to resume withdrawals soon. On Feb. 24, though, all trading was suspended and the site went offline. On Feb. 28, the exchange’s CEO Mark Karpeles admitted that the company had lost 750,000 of its customers’ bitcoins and 100,000 of its own bitcoins. Mt. Gox filed for bankruptcy protection both in Japan and the USA.

Mark Karpeles, chief executive of Mt. Gox, at a press conference in the Tokyo District Court on February 28, 2014.

At the time of the hack, Mt. Gox was the largest Bitcoin exchange and handled around 80% of all Bitcoin transactions.

Later research showed that bitcoins were stolen from the exchange’s hot wallet, and this had been going on for a long time, starting back in 2011. At that time, Bitcoin private keys weren’t encrypted with a password or PIN, so the only thing the hacker needed to get to them was the wallet.dat file.

What Were the Consequences?

The price of Bitcoin dropped significantly: compared to $816 for 1 BTC on Feb. 6, 2014, it lost around 33% in 3 weeks after the hack and was at $550 on Mar. 1, 2014.

On Mar. 20, 2014, Mt. Gox reported that it had found 199,999.99 bitcoins in an old digital wallet, which reduced the total loss to 650,000 BTC.

Mt. Gox CEO, Mark Karpeles, was arrested in August 2015 and spent a year in prison. He was charged with fraud, embezzlement, and manipulating the Mt. Gox computer system to increase the balance of an account. On Mar. 14, 2019, the Tokyo District Court found Karpeles guilty of falsifying data to inflate Mt. Gox's holdings by $33.5 million. He was sentenced to 30 months in prison, suspended for four years. The Court acquitted Karpeles on other charges.

The latest news from Mt. Gox is that on Apr. 25, 2019, the deadline for the refund was extended to Oct. 28, 2019, by order of the Tokyo District Court. Many affected users have given up hope of getting their funds back and are selling their claims.

BitGrail: a Hack or an Exit Scam?

Exchange: BitGrail
Date: Feb. 9, 2018
Stolen funds: 17M NANO (approx. $187M at that moment)
Possible causes: storing assets in a hot wallet; software flaw allowing multiple withdrawals; probably an exit scam.
Consequences: NANO price dropped by 67%; BitGrail was declared bankrupt; the owner was sentenced to return funds.

How Did It Happen?

BitGrail, a rather small Italian crypto exchange, reported the loss of 17M NANO on Feb. 9, 2018. The news was greeted with much skepticism, as BitGrail had been acting strangely a month before the “hack”. First, it halted all withdrawals of XRB (which is now NANO), then deposits were also restricted, and finally, it was announced that mandatory identity verification would be enforced for all users. All of this made users suspicious that BitGrail was planning an exit scam.

BitGrail promises to enable XRB withdrawals soon (spoiler: this will never happen).

Francesco Firano, BitGrail founder, asked the developers of NANO to alter the coin’s ledger to cover the losses. The developers publicly rejected the request and alleged that Firano could have mismanaged customers’ assets and was then trying to use a hack as a cover.

What Were the Consequences?

The price of NANO had started falling even before the official hack announcement due to the suspicious activity of BitGrail. On Jan. 2, 2018, its price was $34.6, and on Feb. 9 it was $11.36, a 67% drop. It dropped even lower, along with the rest of the market, and is now trading at $1.5.

Francesco Firano had some ideas on how to reopen the exchange. He proposed a buyback plan, “BitGrail shares”, in order to restore 80% of the Nano tokens that had been hacked, but the court blocked the website and seized the exchange’s assets.

BitGrail was declared bankrupt on Jan. 21, 2019, by the Italian Bankruptcy Court. Francesco Firano, the owner and founder of BitGrail, was sentenced to return as much of the assets to his customers as possible. His personal assets were seized by Italian authorities. The investigation showed that BitGrail was responsible for its customers’ losses due to a software flaw allowing multiple withdrawals. BitGrail management was also aware of multiple attacks back in 2017, but didn’t warn the users.

Bitfinex: Full Recovery in 8 Months after the Hack

Exchange: Bitfinex
Date: Aug. 2, 2016
Stolen funds: 119,756 BTC (approx. $72M at that moment)
Possible causes: weakness in the multi-signature system.
Consequences: Bitcoin price plunged by 10%, but soon recovered; Bitfinex reimbursed customers with BFX tokens.

How Did It Happen?

On Aug. 2, 2016, Bitfinex announced the theft of $72M in bitcoins from its customers’ accounts. Bitcoin withdrawals and trading were halted. Hackers allegedly used vulnerabilities in the system of multi-signature wallets created by Bitfinex in cooperation with the Bitcoin wallet provider BitGo. Each user had a set of keys, of which Bitfinex held two, and BitGo used the third one to co-sign transactions.
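
As an added illustration (not code from Bitfinex, BitGo, Coincheck or COIN360), the Python example below audits a wallet's key layout: how many distinct custodians must be compromised to reach the signing threshold, and whether online keys alone are enough. The signing threshold of 2 for the three-key layout and every online/offline flag are assumptions; the article states neither.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    holder: str   # organisation that controls this signing key
    online: bool  # True if the key lives on a networked (hot) system

def min_custodians(keys, threshold, online_only=False):
    """Fewest distinct holders whose combined keys reach the threshold.

    Returns None when the threshold cannot be reached with the usable keys.
    """
    per_holder = Counter(k.holder for k in keys if k.online or not online_only)
    gathered = 0
    # Taking the holders with the most keys first minimises the holder count.
    for n, count in enumerate(sorted(per_holder.values(), reverse=True), 1):
        gathered += count
        if gathered >= threshold:
            return n
    return None

def audit(keys, threshold):
    """Summarise how much independence a key layout actually provides."""
    return {
        "custodians_needed": min_custodians(keys, threshold),
        "custodians_needed_online_only": min_custodians(keys, threshold, True),
    }

# Constructed layouts; thresholds and online flags are assumptions.
LAYOUTS = {
    # One hot key, as the article describes for Coincheck's NEM wallet.
    "single_hot_wallet": ([Key("exchange", True)], 1),
    # Three keys, one party holding two (the split described for Bitfinex).
    "one_party_holds_two": ([Key("exchange", True), Key("exchange", False),
                             Key("cosigner", True)], 2),
    # Three independent holders with the majority of keys kept offline.
    "independent_cold_majority": ([Key("exchange", True), Key("vault_a", False),
                                   Key("vault_b", False)], 2),
}

if __name__ == "__main__":
    for name, (keys, threshold) in LAYOUTS.items():
        print(name, audit(keys, threshold))
```

A result of 1 under `custodians_needed` means the multi-signature scheme adds no independence between parties; `None` under `custodians_needed_online_only` means a network intrusion alone cannot gather enough keys to sign.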

Bitfinex “Security Breech” announcement on Twitter.

Bitfinex reported the theft to law enforcement and hired Ledger Labs, a blockchain consultancy firm, to investigate the incident. At that moment, Bitfinex was one of the world’s largest digital currency exchanges, and the theft became the second largest after the Mt. Gox hack in 2014.

What Were the Consequences?

The price of Bitcoin lost around 10% (from $602 on Aug. 2, 2016, to $542 on Aug. 3, 2016), but recovered soon, and on Aug. 7 was trading around $600 again.

Bitfinex decided to “generalize” the losses across all accounts and assets: even users unaffected by the hack had their funds reduced by 36%. The community gave the decision a cool reception. In September 2017, Bitfinex started its reimbursement plan. BFX tokens were issued to compensate users; they could be either sold back to Bitfinex for $1 apiece or exchanged for $1 beneficial interests in iFinex.

In April 2017, Bitfinex announced that it had finally completed reimbursing customers affected by the 2016 hack. All BFX tokens were redeemed and destroyed. Bitfinex claimed that it had achieved “full recovery” just 8 months after the incident.

Zaif: One More Japanese Exchange Hack

Exchange: Zaif
Date: Sep. 14, 2018
Stolen funds: 5,966 BTC, 5,911,859 MONA and 40,360 BCH (approx. $60M at that moment)
Possible causes: security breach giving hackers access to company’s hot wallets.
Consequences: Zaif refunded users and resumed services under a new owner.

How Did It Happen?

The Sep. 20, 2018 report on the official Zaif site revealed that the exchange had discovered unauthorized access from outside and the leakage of some customers’ funds totaling approximately $60M. Deposits and withdrawals had been suspended almost a week before the report (on Sep. 14), and after that the exchange was under internal investigation.

The building in Tokyo housing Zaif owner, Tech Bureau Corp.

Before the hack, Zaif had received business improvement orders from the FSA twice; it had been criticized for the lack of “the proper and required internal control systems”. Immediately after the incident, the FSA started an investigation to find out whether the exchange had the proper security measures.

What Were the Consequences?

Zaif refunded the users affected by the breach. Holders of BTC and BCH got refunds in the original cryptocurrency. MONA holders, due to liquidity issues, received 60% in MONA tokens and the remainder in Japanese yen.

On Apr. 22, 2019, Zaif announced that the business would be transferred from Tech Bureau to Fisco Digital Asset Group (FDAG). Fisco provided financial support of around $45M to cover customers’ losses, and acquired the majority of Zaif shares. On Apr. 23, 2019, Zaif resumed its services, 7 months after the hack.

Binance: the Latest Hack of the Top Exchange

Exchange: Binance
Date: May 7, 2019
Stolen funds: 7,070 BTC (approx. $40.7M at that moment)
Possible causes: “large scale security breach”; phishing, viruses and other attacks used to steal account data.
Consequences: Binance daily trading volume declined by 7%; Secure Asset Fund for Users will be used to compensate losses.

How Did It Happen?

On May 7, 2019, Binance announced that hackers had managed to withdraw 7,000 BTC from the exchange’s hot wallet. The company claimed that there was only one affected transaction, and other Binance wallets were unaffected. Binance temporarily suspended all deposits and withdrawals and started a security review of its systems.

Binance CEO Changpeng Zhao during his live AMA on Twitter.

The theft was made possible due to phishing and viruses — that is how the hackers got access to a large number of users’ private data, including two-factor authentication codes and API keys. Changpeng Zhao, CEO of Binance, addressed community concerns regarding the hack during his live AMA on Twitter.

What Were the Consequences?

Bitcoin’s price slightly decreased and lost 2.6% after the hack, being traded at $5,800, but soon recovered, and is trading at $6,029 at the moment of writing. Binance lost around 7% of its daily trading volume, which is now $769M.

Binance promises to reimburse its customers using its Secure Asset Fund for Users (SAFU). According to Binance CEO Changpeng Zhao, there is enough cryptocurrency to cover the incident.

Users are strongly advised to reset their two-factor authentication and change their API keys to ensure safety.

Coinrail: 11 Different Coins Stolen

Exchange: Coinrail
Date: June 9, 2018
Stolen funds: DENT, BBC, ETH, JNT, BTC, KNC, STORM, TRX, NPXS, ATX, and NPER totaling approx. $40M at that time
Possible causes: “cyber intrusion”.
Consequences: Coinrail offered a refund and reopened trading.

How Did It Happen?

On Jun. 9, 2018, Coinrail, a rather small South Korean crypto exchange, reported a “cyber intrusion” into its systems. A large number of various ERC-20 tokens were stolen totaling approximately $40M: NPXS token from the Pundi X project, ATC from Aston, the NPER project’s NPER token, and others.

Coinrail confirms the hack on Twitter.

The stolen amount represented nearly 30% of all Coinrail’s funds, and the exchange claimed that the other 70% were safe and had been transferred to a cold wallet. The exchange suspended trading and tried to recover lost coins together with Pundi X, the project behind the NPXS token. They traced the stolen coins, which had been sent to the IDEX decentralized exchange, and IDEX suspended trading of NPXS.

What Were the Consequences?

Though Bitcoin lost around $900 of its price on so-called “Bloody Sunday” (Jun. 10, 2018) and traded at $6,765 after Saturday’s $7,635, experts say that this couldn’t be the effect of the hack. They claimed that the pullback was disproportionate to the size of the hack and Coinrail’s significance in the ecosystem.

On Jul. 15, 2018, Coinrail resumed trading of 11 cryptocurrencies, though trading of some previously traded tokens was not resumed. The exchange offered customers affected by the hack two different compensation schemes. The first one was to “pay back the unrecovered cryptocurrencies by gradually purchasing the cryptocurrencies with the profit from the service operation.” The second one was to compensate users with Coinrail RAIL tokens, which could then be converted into a cryptocurrency.

Final Thoughts

Despite increasingly complex security measures, hackers still find ways to steal funds from crypto exchanges. The estimated losses are ominous: the seven biggest attacks described in this article, alone, have taken more than $1.4B from their rightful owners.

Even two-factor authentication cannot make users’ assets totally secure, and the latest example of Binance is proof. Most crypto experts agree that using exchange wallets as long-term storage is reckless.

Any crypto exchange hack receives increased attention from the media, even non-crypto outlets, and it causes a deep mistrust of cryptocurrencies. Hacks are also often followed by cryptocurrency market declines, which makes them a problem not only for a single crypto exchange and its customers, but for the crypto community as a whole.

Thanks for reading,
The COIN360 Editorial Team